YoVDO

Oracle Data Redaction is Broken

Offered By: Black Hat via YouTube

Tags

Black Hat Courses, Cybersecurity Courses, Data Protection Courses, Data Encryption Courses, PCI Compliance Courses

Course Description

Overview

Explore the vulnerabilities in Oracle's data redaction service, introduced in Oracle 12c, through this Black Hat conference talk. Learn how the service, designed to protect sensitive data like PII, can be bypassed by attackers, potentially leading to privilege escalation. Delve into the history of Oracle security issues, examine the implementation flaws, and discover multiple attack vectors that compromise the redaction feature. Understand the implications for PCI compliance and data encryption. Compare Oracle's approach to Microsoft's, and gain insights into Oracle's internal processes and documentation practices. Discover practical strategies to protect against these vulnerabilities and critically evaluate the effectiveness of Oracle's data redaction service in real-world scenarios.

Syllabus

Introduction
Who am I
History
Launching External Procedures
Oracle's Fix
Backend Bypass
Patches
Oracle vs Microsoft
Oracle Data Redaction
Why Redaction
How it works
XML query vulnerability
Updating a column
Brute force
Common Criteria
Protection Profile
Data is not changed
Is it useful
PCI compliance
Data encryption
How do I protect against this
Oracle's internal processes
It's not rocket science
No documentation
Oracle Fusion Media Pack


Taught by

Black Hat
